From 3860eac17023933180ef5dfb5bd24077cda57dfe Mon Sep 17 00:00:00 2001
From: Jason Evans
Date: Tue, 15 May 2012 13:53:21 -0700
Subject: [PATCH] Fix heap profiling crash for realloc(p, 0) case.
Fix prof_realloc() to not call prof_ctx_set() if a sampled object is being freed via realloc(p, 0).
---
 ChangeLog | 5 +++++
 include/jemalloc/internal/prof.h | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index 231dd6da..829482fe 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,11 @@ found in the git revision history:
 http://www.canonware.com/cgi-bin/gitweb.cgi?p=jemalloc.git
 git://canonware.com/jemalloc.git
+* 3.x.x (XXX not yet released)
+
+ Bug fixes:
+ - Fix heap profiling crash if sampled object is freed via realloc(p, 0).
+
 * 3.0.0 (May 11, 2012)
 Although this version adds some major new features, the primary focus is on
diff --git a/include/jemalloc/internal/prof.h b/include/jemalloc/internal/prof.h
index c3e3f9e4..6bed90b9 100644
--- a/include/jemalloc/internal/prof.h
+++ b/include/jemalloc/internal/prof.h
@@ -506,7 +506,7 @@ prof_realloc(const void *ptr, size_t size, prof_thr_cnt_t *cnt,
 if ((uintptr_t)cnt > (uintptr_t)1U) {
 prof_ctx_set(ptr, cnt->ctx);
 cnt->epoch++;
- } else
+ } else if (ptr != NULL)
 prof_ctx_set(ptr, (prof_ctx_t *)(uintptr_t)1U);
 /*********/
 mb_write();
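Review bot: The added `else if (ptr != NULL)` protects only the unsampled branch; the sampled branch just above it still calls `prof_ctx_set(ptr, cnt->ctx)` with no check on ptr, so it relies on cnt never being a real counter when ptr is NULL, an invariant this hunk does not show being enforced. If that is guaranteed only by a debug assertion outside the hunk, a release build could still reach the same NULL-pointer crash this commit fixes, so I would either wrap both calls in one `if (ptr != NULL)` or state the invariant next to the first branch. A short comment on the new condition would also help the next reader, e.g. `/* ptr is NULL when realloc(p, 0) freed the object: nothing to tag. */`, and the unbraced `else if` beside a braced `if` is worth bracing. prof_realloc's body starts and ends outside the hunk.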